directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [03/27] directory-kerby git commit: Adding Token Auth testcase
Date Thu, 07 Jul 2016 06:41:48 GMT
Adding Token Auth testcase


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/68933ae0
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/68933ae0
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/68933ae0

Branch: refs/heads/kpasswd
Commit: 68933ae0cf397cf1f0e9af9a1934243de62cb9ab
Parents: b0d7554
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jul 1 12:07:01 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jul 1 12:07:01 2016 +0100

----------------------------------------------------------------------
 .../integration/test/TokenLoginTestBase.java    | 10 ++-
 .../TokenLoginWithTokenPreauthEnabledTest.java  | 74 ++++++++++++++++++++
 2 files changed, 83 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
index 4741372..7258907 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginTestBase.java
@@ -141,11 +141,19 @@ public class TokenLoginTestBase extends LoginTestBase {
 
     protected void testLoginWithTokenStr() throws Exception {
         String tokenStr = createTokenAndArmorCache();
-        checkSubject(loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile));
+        Subject subj = loginClientUsingTokenStr(tokenStr, armorCache, tgtCache, signKeyFile);
+        checkSubject(subj);
     }
 
     protected void testLoginWithTokenCache() throws Exception {
         createTokenAndArmorCache();
         checkSubject(loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile));
     }
+    
+    protected Subject testLoginWithTokenCacheAndRetSubject() throws Exception {
+        createTokenAndArmorCache();
+        Subject subj = loginClientUsingTokenCache(tokenCache, armorCache, tgtCache, signKeyFile);
+        checkSubject(subj);
+        return subj;
+    }
 }

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/68933ae0/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
index 86faf11..ed4ec8a 100644
--- a/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
+++ b/kerby-kerb/integration-test/src/test/java/org/apache/kerby/kerberos/kerb/integration/test/TokenLoginWithTokenPreauthEnabledTest.java
@@ -19,6 +19,19 @@
  */
 package org.apache.kerby.kerberos.kerb.integration.test;
 
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.Assert;
 import org.junit.Test;
 
 /**
@@ -40,4 +53,65 @@ public class TokenLoginWithTokenPreauthEnabledTest extends TokenLoginTestBase
{
     public void testLoginWithTokenCache() throws Exception {
         super.testLoginWithTokenCache();
     }
+    
+    @Test
+    @org.junit.Ignore
+    public void testLoginWithTokenCacheGSS() throws Exception {
+        Subject subject = super.testLoginWithTokenCacheAndRetSubject();
+        Set<Principal> clientPrincipals = subject.getPrincipals();
+        
+        // Get the service ticket
+        KerberosClientExceptionAction action =
+                new KerberosClientExceptionAction(clientPrincipals.iterator().next(),
+                        getServerPrincipal());
+
+        byte[] kerberosToken = (byte[]) Subject.doAs(subject, action);
+        Assert.assertNotNull(kerberosToken);
+    }
+    
+    /**
+     * This class represents a PrivilegedExceptionAction implementation to
+     * a service ticket from a Kerberos Key Distribution Center.
+     */
+    private class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]>
{
+
+        private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
+
+        private Principal clientPrincipal;
+        private String serviceName;
+
+        KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
+            this.clientPrincipal = clientPrincipal;
+            this.serviceName = serviceName;
+        }
+
+        public byte[] run() throws GSSException {
+            GSSManager gssManager = GSSManager.getInstance();
+
+            GSSName gssService = gssManager.createName(serviceName,
+                    GSSName.NT_USER_NAME);
+            Oid oid = new Oid(JGSS_KERBEROS_TICKET_OID);
+            GSSName gssClient = gssManager.createName(clientPrincipal.getName(),
+                    GSSName.NT_USER_NAME);
+            GSSCredential credentials = gssManager.createCredential(
+                    gssClient, GSSCredential.DEFAULT_LIFETIME, oid,
+                    GSSCredential.INITIATE_ONLY);
+
+            GSSContext secContext = gssManager.createContext(
+                    gssService, oid, credentials, GSSContext.DEFAULT_LIFETIME
+            );
+
+            secContext.requestMutualAuth(false);
+            secContext.requestCredDeleg(false);
+
+            try {
+                byte[] token = new byte[0];
+                byte[] returnedToken = secContext.initSecContext(token,
+                        0, token.length);
+                return returnedToken;
+            } finally {
+                secContext.dispose();
+            }
+        }
+    }
 }


Mime
View raw message